Hackers installed cryptojacking malware by compromising a popular browser extension


Thousands of websites, including government sites in the United States, the U.K., and Australia, 
were ensnared in an international cryptojacking scheme, The Register reports:

The affected sites all use a fairly popular plugin called Browsealoud, made by Brit 
biz Texthelp, which reads out webpages for blind or partially sighted people. 

This technology was compromised in some way - either by hackers or rogue 
insiders altering Browsealoud's source code - to silently inject Coinhive’s 
Monero miner into every webpage offering Browsealoud. 

For several hours today, anyone who visited a site that embedded Browsealoud 
inadvertently ran this hidden mining code on their computer, generating money 
for the miscreants behind the caper. 

The nearly 4,300 websites impacted included the U.S. Federal Court system, City University of 
New York, and the U.K.’s National Health Service (NHS). Notably, the sites themselves were not 
breached; hackers delivered the malware by compromising the popular Browsealoud plugin. As of 
this writing, the developers of Browsealoud have not determined how their code was hacked. 

Cryptojacking Attacks Getting More Frequent & Sophisticated 

Cryptojacking, which employs crypto-mining malware to covertly (and illegally) co-opt CPU 
resources to "mine" cryptocurrencies like Monero, is on track to become a bigger threat to 
enterprises than ransomware. There are two ways in which cryptojacking attacks can occur: 

The first attack vector uses a script injected into a website or in content delivered to multiple 
websites, such as ads or plugins. No code is stored on victims’ computers; the malware runs only 
while the visitor has the infected website tab or ad pop-up open. This is the type of attack vector 
used in the Browsealoud hack and the cryptojacking advertisements recently discovered running 
on YouTube. 

If your organization's website is cryptojacked, your site visitors’ computer hardware is put to work 
making money for cyber criminals. Whenever your employees visit a cryptojacked site, they’re the 
ones put to work for the cyber criminals; additionally, the cryptojacking malware eats up their 
machines' resources, slowing their systems, decreasing their productivity, and potentially tying up 
your IT department with complaints about system sluggishness. 

The second method of attack is to install crypto-mining malware on victims’ computers that runs in 
the background, sucking up resources unbeknownst to the victims. Usually, this happens through a 
phishing scheme, but a new cryptojacking variant called WannaMine, which specifically targets 
enterprise systems, also employs the credential harvester Mimikatz to crack weak user passwords. 

While cryptojacking malware traditionally attacked smartphones and other small IoT devices, 
“next-generation” malware like WannaMine and Smominru are designed to go after desktop 
machines and servers. WannaMine has been reported to eat up so many resources that it has 
caused applications and hardware to crash. Rogue crypto-mining is even threatening critical 
infrastructure. Last week, cryptojacking malware was discovered on an industrial control system at 
a water utility in Europe, where it reportedly had a “significant impact” on system operations. 

Preventing Cryptojacking 

There are several ways in which your organization can guard against cryptojacking: 

• Incorporate cryptojacking into the cyber security training given to your IT help desk workers 
and the rest of your employees. 

• Use network security software to monitor for and block the activity needed for crypto-miners 
to work. 

• Keep your systems and software up to date; only older Windows machines are susceptible to 
the EternalBlue exploit used by WannaMine and Smominru. 

• Ensure that all system users are using strong passwords that cannot be cracked by Mimikatz. 

• Ensure that all of your employees use ad blocking and anti-crypto-mining browser extensions. 
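
As an illustration of the network-monitoring item in the list above, the following added example (not code from this article, Continuum GRC or any vendor) triages proxy and packet-capture events for the two kinds of traffic a miner needs: fetching an in-browser miner such as Coinhive, and speaking the Stratum pool protocol. The event layout, the blocklist contents and the function names are assumptions made for the example, and the sample events are constructed.

```python
import json
from urllib.parse import urlsplit

# Assumed sample blocklist: coinhive.com is named in the article, miner.example is a placeholder.
MINER_DOMAINS = {"coinhive.com", "miner.example"}
# Stratum v1 JSON-RPC method names sent by mining clients to a pool.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}

def host_is_miner(url):
    """True if the URL's host is a blocklisted domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in MINER_DOMAINS)

def payload_is_stratum(payload):
    """True if a captured TCP payload line parses as a Stratum mining request."""
    try:
        msg = json.loads(payload)
    except (ValueError, TypeError):
        return False
    if not isinstance(msg, dict):
        return False
    method = msg.get("method")
    if method in STRATUM_METHODS:
        return True
    # Heuristic for Monero-style pools: a "login" request carrying wallet and password.
    params = msg.get("params")
    return method == "login" and isinstance(params, dict) and {"login", "pass"} <= set(params)

def triage(events):
    """Return (client, reason) for each event that looks like mining activity."""
    alerts = []
    for ev in events:
        if ev["kind"] == "http" and host_is_miner(ev["data"]):
            alerts.append((ev["client"], "miner-domain"))
        elif ev["kind"] == "tcp" and payload_is_stratum(ev["data"]):
            alerts.append((ev["client"], "stratum-protocol"))
    return alerts

# Constructed sample events (not real logs): proxy URLs and first TCP payload lines.
SAMPLE = [
    {"client": "10.0.0.7", "kind": "http", "data": "https://coinhive.com/lib/coinhive.min.js"},
    {"client": "10.0.0.7", "kind": "http", "data": "wss://ws001.coinhive.com/proxy"},
    {"client": "10.0.0.9", "kind": "http", "data": "https://notcoinhive.com/"},
    {"client": "10.0.0.12", "kind": "tcp", "data": '{"id":1,"method":"mining.subscribe","params":[]}'},
    {"client": "10.0.0.13", "kind": "tcp", "data": '{"id":1,"method":"login","params":{"login":"WALLET","pass":"x"}}'},
    {"client": "10.0.0.14", "kind": "tcp", "data": '{"method":"login","params":{"user":"bob"}}'},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Matching on the registered domain and its subdomains, rather than on a substring, avoids flagging look-alike hosts; the payload check also catches installed miners that never touch a blocklisted domain.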

The cyber security experts at Continuum GRC have deep knowledge of the cyber security field, are 
continually monitoring the latest information security threats, and are committed to protecting 
your organization from security breaches. Continuum GRC offers full-service and in-house risk 
assessment and risk management subscriptions, and we help companies all around the world 
sustain proactive cyber security programs. 

Continuum GRC is proactive cyber security®. Call 1-888-896-6207 to discuss your 
organization’s cyber security needs and find out how we can help your organization protect its 
systems and ensure compliance. 